Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Specific cstrings input may not be properly validated in the Go Driver
Vulnerability Description
Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers prior to and including 1.5.0.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
CWE-1287
Vulnerability Title
MongoDB 输入验证错误漏洞
Vulnerability Description
Mongodb Server是美国Mongodb公司的一套开源的NoSQL数据库。该数据库提供面向集合的存储、动态查询、数据复制及自动故障转移等功能。 MongoDB mongo-go-driver 中存在输入验证错误漏洞,该漏洞源于在go对象编码成Json时,驱动程序无法对输入数据进行完全的安全验证。攻击者可通过带有特定字符串的Go对象项编组的文档中注入额外的字段。以下产品及型号会受到影响:MongoDB mongo-go-driver 1.5.0 之前版本。
CVSS Information
N/A
Vulnerability Type
N/A